


9. (Currently Amended) A method in a data processing system for managing an
information request, comprising:

establishing a session, including authenticating a client based on a presented
credential;

generating a session identification in response to the session being established; 
associating the presented credential with session data; 
sending the session identification to the client; 

receiving a request for information and a credential and the session identification 
from a the client; 

determining whether the session identification is valid; 

determining whether the credential is valid for both the client and the session
data;

sending the information to the client in response to the session identification and 
the credential being valid. 



10. (Original) The method of claim 9, wherein the credential is a user name and 
password, a security token, or a certificate. 

11. (Original) The method of claim 9, further comprising:

associating a user account with the session identification in response to the 
credential being valid. 

12. (Original) The method of claim 9, wherein the step of generating a session 
identification comprises generating a random number. 

13. (Original) The method of claim 9, wherein the step of generating a session 
identification comprises generating a session identification data structure. 

14. (Original) The method of claim 13, wherein the session identification data
structure is a session identification cookie. 

15. (Original) The method of claim 13, wherein the session identification data 
structure is in a rewritten uniform resource locator. 

16. (Original) The method of claim 9, wherein the request is a hypertext transport 
protocol request. 

17. (Original) The method of claim 16, wherein the hypertext transport protocol 
request is a uniform resource locator. 



Claims 18-21 (Canceled) 

22. (Original) A method in a data processing system for managing an information 
request, comprising: 

receiving a request for information and a session identification and a first 
credential from a client; 

determining whether the session identification is valid; 

retrieving a session data structure including a second credential in response to the
session identification being valid;

determining whether the first credential and the second credential match; and

fulfilling the request for information in response to the first credential and the
second credential matching.

23. (Original) The method of claim 22, wherein the first credential is a user name and 
password, a security token, or a certificate. 

24. (Original) The method of claim 22, wherein the step of generating a session 
identification comprises generating a random number. 

25. (Original) The method of claim 22, wherein the step of generating a session
identification comprises generating a session identification data structure. 

26. (Original) The method of claim 25, wherein the session identification data 
structure is a session identification cookie. 

27. (Original) The method of claim 25, wherein the session identification data 
structure is in a rewritten uniform resource locator. 

28. (Original) The method of claim 22, wherein the request is a hypertext transport 
protocol request. 

29. (Original) The method of claim 28, wherein the hypertext transport protocol 
request is a uniform resource locator. 



Claims 30-37 (Canceled) 




38. (Currently Amended) An apparatus for managing an information request,
comprising:

session means for establishing a session, including authenticating a client based
on a presented credential;

generating means for generating a session identification in response to the session 
being established; 

association means for associating the presented credential with session data; 
first sending means for sending the session identification and to the client; 
receipt means for receiving a request for information and a credential and the 
session identification from the client; 

first determining means for determining whether the session identification is
valid;

second determining means for determining whether the credential is valid for both
the client and the session data; and

second sending means for sending the information to the client in response to the 
session identification and the credential being valid. 



39. (Original) The apparatus of claim 38, wherein the credential is a user name and 
password, a security token, or a certificate. 

40. (Original) The apparatus of claim 38, further comprising: 

association means for associating a user account with the session identification in 
response to the session identification being generated. 

41. (Original) The apparatus of claim 38, wherein the generating means comprises 
means for generating a random number. 

42. (Original) The apparatus of claim 38, wherein the generating means comprises 
means for generating a session identification data structure. 

43. (Original) The apparatus of claim 42, wherein the session identification data 
structure is a session identification cookie. 

44. (Original) The apparatus of claim 42, wherein the session identification data 
structure is in a rewritten uniform resource locator. 

45. (Original) The apparatus of claim 38, wherein the request is a hypertext transport 
protocol request. 

46. (Original) The apparatus of claim 45, wherein the hypertext transport protocol 
request is a uniform resource locator. 

51. (Original) An apparatus for managing an information request, comprising:
a processor; and 

a memory electrically connected to the processor, the memory having stored 
therein a program to be executed on the processor for performing: 

receiving a request for information and a session identification and a first 
credential from a client; 

determining whether the session identification is valid; 

retrieving a session data structure including a second credential in 
response to the session identification being valid; 

determining whether the first credential and the second credential match; and

fulfilling the request for information in response to the first credential and 
the second credential matching. 

52. (Original) The apparatus of claim 51, wherein the first credential is a user name 
and password, a security token, or a certificate. 

53. (Original) The apparatus of claim 51, wherein the step of generating a session 
identification comprises generating a random number. 

54. (Original) The apparatus of claim 51, wherein the step of generating a session 
identification comprises generating a session identification data structure. 

55. (Original) The apparatus of claim 54, wherein the session identification data 
structure is a session identification cookie. 

56. (Original) The apparatus of claim 54, wherein the session identification data 
structure is in a rewritten uniform resource locator. 

57. (Original) The apparatus of claim 51, wherein the request is a hypertext transport
protocol request. 

58. (Original) The apparatus of claim 57, wherein the hypertext transport protocol 
request is a uniform resource locator. 



60. (Currently Amended) A computer program product, in a computer readable 
medium, for managing an information request, comprising: 

instructions for establishing a session, including authenticating a client based on a
presented credential;

instructions for generating a session identification in response to the session being 
established; 

instructions for associating the presented credential with session data; 

instructions for sending the session identification to the client; 

instructions for receiving a request for information and a credential and the 
session identification from a client; 

instructions for determining whether the session identification is valid; 

instructions for determining whether the credential is valid for both the client and
the session data;

instructions for sending the information to the client in response to the session 
identification and the credential being valid. 



Claim 61 (Canceled) 

62. (Original) A computer program product, in a computer readable medium, for 
managing an information request, comprising: 

instructions for receiving a request for information and a session identification 
and a first credential from a client; 

instructions for determining whether the session identification is valid; 



Claim 59 (Cam 





instructions for retrieving a session data structure including a second credential in
response to the session identification being valid; 

instructions for determining whether the first credential and the second credential 
match; and 

instructions for fulfilling the request for information in response to the first 
credential and the second credential matching. 

63. (New) A method in a data processing system for managing an information 
request, comprising: 

authenticating a client based on a presented credential; 

generating a session identification in response to the client being authenticated; 
associating the presented credential with session data; 
sending the session identification to the client; 

receiving a request for information and a credential and the session identification 
from the client; 

determining whether the session identification is valid; 

determining whether the credential is valid for both the client and the session 
data; and 

sending the information to the client in response to the session identification and 
the credential being valid. 
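
The request check recited in claims 9, 22 and 63, sketched as an added Python illustration that is not part of the claims or the application. All names (USERS, SESSIONS, establish_session, handle_request), the constructed sample accounts, and the choices of PBKDF2 and an expiry time are assumptions made for the example.

```python
import hashlib, hmac, secrets, time

def _kdf(secret: str, salt: bytes) -> bytes:
    # The credential is stored only as a salted digest, never in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _make_user(password: str):
    salt = secrets.token_bytes(16)
    return salt, _kdf(password, salt)

# Constructed sample accounts (assumption, for illustration only).
USERS = {"alice": _make_user("correct horse"), "bob": _make_user("battery staple")}
SESSIONS = {}       # session identification -> session data
SESSION_TTL = 900   # seconds; an assumed lifetime, not taken from the claims

def authenticate(user: str, password: str) -> bool:
    """Credential valid for the client: check it against the account store."""
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    return hmac.compare_digest(_kdf(password, salt), stored)

def establish_session(user: str, password: str):
    """Authenticate, generate a random session id, bind the credential to it."""
    if not authenticate(user, password):
        return None
    sid = secrets.token_urlsafe(32)          # random session identification
    salt = secrets.token_bytes(16)
    SESSIONS[sid] = {"user": user, "salt": salt,
                     "cred": _kdf(user + "\0" + password, salt),
                     "expires": time.time() + SESSION_TTL}
    return sid

def handle_request(sid: str, user: str, password: str, resource: str):
    """Send the information only if session id and credential are both valid."""
    data = SESSIONS.get(sid)
    if data is None or data["expires"] < time.time():
        SESSIONS.pop(sid, None)              # drop expired entries
        return 401, "invalid session"
    presented = _kdf(user + "\0" + password, data["salt"])
    # Valid for the client (account store) AND for the session data (binding).
    if not (authenticate(user, password)
            and hmac.compare_digest(presented, data["cred"])):
        return 403, "credential does not match session"
    return 200, f"contents of {resource} for {data['user']}"
```

A session identification presented with a different account's otherwise valid credential is refused, which is the case the second determination exists to catch.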